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W THE CLAIMS: 

Amended claims follow: 

1 . (Currently Amended) A computerized method comprising: 

monitoring a peer-to-peer network for suspicious activity based on patterns of 
activity; and 

performing an action associated with a particular pattern when the particular 
pattern is detected in the peer-to-peer network; 

wherein th e peer-to-peer network permits peers to connect and operate 

s ubstantially without a server bv utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network: 

wherein a pattern of ac tivity is defined in terms of a configuration of shared data on 

a peer, the configuration establishing a baseline of authorized shares and permissions in 
association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 

respect to the shared data on a peer in the peer-to-peer network, the change being made 
with respect to the baseline . 

2. (Original) The computerized method of claim 1 , wherein monitoring a peer-to-peer 
network comprises: 

evaluating network traffic among peers in the peer-to-peer network. 

3. (Cancelled) 

4. (Original) The computerized method of claim 1 , wherein a pattern of activity is 
defined in terms of a threshold value of network traffic in the peer-to-peer network. 
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5. (Original) The computerized method of claim L, wherein a pattern of activity is 
defined in terms of network traffic in the peer-to-peer network that uses a specific 
protocol. 

6. (Cancelled) 

7. (Original) The computerized method of claim 1, wherein a pattern of activity is 
defined in terms of network traffic in the peer-to-peer network having a foreign address. 

8. (Cancelled) 

9. (Original) The computerized method of claim 1 , wherein the action comprises 
logging information about the particular pattern. 

1 0. (Original) The computerized method of claim 1 , wherein the action comprises 
sending an alert about the particular pattern. 

1 1 . (Original) The computerized method of claim 1 , wherein the patterns of activity are 
local to a peer in the peer-to-peer network. 

12. (Original) The computerized method of claim 1, wherein the patterns of activity are 
global to the peer-to-peer network. 

13. (Original) The computerized method of claim 1 further comprising: 
obtaining a set of rules specifying the patterns of activity and associated actions. 

14. (Original) The computerized method of claim 13 further comprising: 
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refreshing the set of rules when the set of rules changes. 

1 5. (Currently Amended) A computer-readable medium having executable instructions 
to cause a processor to perform a method comprising: 

monitoring a peer-to-peer network for suspicious activity based on patterns of 
activity; and 

performing an action associated with a particular pattern when the particular 
pattern is detected in the peer-to-peer network; 

wherein the peer-to-peer network permits peers to connect and operate 

substantially without a server bv util izing the server, at most, for providing addresses for 
the peers in the peer-to-peer network: 

wherein a pattern of acti vity is defined in terms of a configuration of shared data on 

a peer, the configuration establishing a baseline of authorized shares and permissions in 
association with the shared data; 

wherein monitoring a peer-to-peer network comprises evaluating a change with 

r_espect to the shared data on a peer in the peer-to-peer network, the change being made 
with respect to the baseline . 

1 6. (Original) The computer-readable medium of claim 1 5, wherein the method further 
comprises: 

evaluating network traffic among peers in the peer-to-peer network when 
monitoring the peer-to-peer network. 

17. (Cancelled) 
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1 8. (Original) The computer-readable medium of claim 1 5, wherein a pattern of 
activity is defined in terms of a threshold value of network traffic in the peer-to-peer 
network. 

1 9. (Original) The computer-readable medium of claim I 5, wherein a pattern of 
activity is defined in terms of network traffic in the peer-to-peer network that uses a 
specific protocol. 

20. (Cancelled) 

21 . (Original) The computer-readable medium of claim 15, wherein a pattern of 
activity is defined in terms of network traffic in the peer-to-peer network having a foreign 
address. 

22. (Cancelled) 

23. (Original) The computer-readable medium of claim 15, wherein the action 
comprises logging information about the particular pattern. 

24. (Original) The computer-readable medium of claim 1 5, wherein the action 
comprises sending an alert about the particular pattern. 

25. (Original) The computer-readable medium of claim 15, wherein the patterns of 
activity are local to a peer in the peer-to-peer network. 

26. (Original) The computer-readable medium of claim 1 5, wherein the patterns of 
activity are global to the peer-to-peer network. 
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27. (Original) The computer-readable medium of claim 1 5, wherein the method further 
comprises: 

obtaining a set of rules specifying the patterns of activity and associated actions. 

28. (Original) The computer-readable medium of claim 27, wherein the method further 
comprises: 

refreshing the set of rules when the set of rules changes. 

29. (Currently Amended) A system comprising: 

a processor coupled to a memory through a bus; 

a network interface coupled to the processor through the bus and further operable 
to selectively couple to a peer-to-peer network; and 

a peer-to-peer security process executed by the processor from the memory to 
cause the processor to monitor the peer-to-peer network for suspicious activity based on 
patterns of activity, and to perform an action associated with a particular pattern when the 
particular pattern is detected in the peer-to-peer network,; 

wherein the peer-to-peer network permits peers to connect and operate 

substantially without a server bv utilizing the server, at most, for providing addresses for 
the peers in the peer-to-peer network: 

wherein a pattern of activity is defined in terms of a configuration of shared data on 

a peer, the configurati on establishing a baseline of authorized shares and permissions in 
association with the shared data: 

wherein monitoring a peer-to-peer network comprises evaluating a change with 

respect to the shared data on a peer i n the peer-to-peer networks the change being made 
with respect to the baseline . 
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30. (Original) The system of claim 29, wherein peer-to-peer security process further 
causes the processor to evaluate network traffic between the peers in the peer-to-peer 
network when monitoring the peer-to-peer network. 

31. (Cancelled) 

32. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in terms of a threshold value of network traffic in the peer-to-peer network. 

33. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in terms of network traffic in the peer-to-peer network that uses a specific 
protocol. 

34. (Cancelled) 

35. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to monitor the peer-to-peer network for a pattern of activity 
defined in terms of network traffic having a foreign address. 

36. (Cancelled) 

37. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to log information about the particular pattern when 
performing the action associated with the particular pattern. 
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38. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to send an alert about the particular pattern when performing 
the action associated with the particular pattern. 

39. (Original) The system of claim 29, wherein the system is a peer in the peer-to-peer 
network and the patterns of activity are local to the system. 

40. (Original) The system of claim 29, wherein the system is a server in the peer-to- 
peer network and the patterns of activity are global to the peer-to-peer network. 

4 1 . (Original) The system of claim 40, wherein the system is a border firewall. 

42. (Original) The system of claim 40, wherein the system is a domain name server. 

43. (Original) The system of claim 29, wherein the peer-to-peer security process 
further causes the processor to obtain a set of rules specifying the patterns of activity and 
associated actions. 

44. (Original) The system of claim 43, wherein the peer-to-peer security process 
further causes the processor to refresh the set of rules when the set of rules changes. 

45. (New) The computerized method of claim 1, wherein a share configuration loop is 
executed to detect changes to shares and corresponding permissions, and take action as a 
function of a type of the changes. 

46. (New) The computerized method of claim 45, wherein the share configuration loop 
is executed dynamically. 

Docket: NAI 1 P344/01 .249.0 1 -8- 



PAGE 11/18 * RCVD AT 4/1/2005 2:29:38 PM [Eastern Standard Time] ■ SVR:USPTO-EFXRF-1/0 ■ 0103:8729308 ■ CS©:408 971 4660 • DURATION <mm-ss):05-42 



Rpr 01 05 11:38a SVIPG 



408 971 4GB0 



p. 12 



47. (New) The computerized method of claim 45, wherein the share configuration 
loop is executed on a schedule. 

48. (New) The computerized method of claim 45. wherein the share configuration loop 
examines a current share configuration against a previously recorded shared configuration. 

49. (New) The computerized method of claim 45, wherein, if the change includes an 
attempt to un-share a file or directory, the action includes a log entry. 
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